26de66e85ae361af38ab5520df34b7bde6c16c324956c767dcc643dec636a562 | Triage

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 12:10

Sharing

Report Analysis Logs

General

Target

6d58c229ed4fdb6bfff629fe35249020.dll
Size

159KB
MD5

6d58c229ed4fdb6bfff629fe35249020
SHA1

bace7c2e9ae00120ea8dd768a47e7a0c802fc4d9
SHA256

26de66e85ae361af38ab5520df34b7bde6c16c324956c767dcc643dec636a562
SHA512

62f29e261c00d8716a1590d8cfad2873f9b10529c82cc06c5cd1c5ca6908ba8dd7667c313ad405e50be43fc7d265b675cd03d7379295dd71f04098bebac24373
SSDEEP

3072:rvy+i96rAxNTt/rYZW+4dQ+0riNmVFxKui4nR5fjEP:e+IuWRdciNmzxKwDwP

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2468 wrote to memory of 2100	2468	regsvr32.exe	16
PID 2468 wrote to memory of 2100	2468	regsvr32.exe	16
PID 2468 wrote to memory of 2100	2468	regsvr32.exe	16
PID 2468 wrote to memory of 2100	2468	regsvr32.exe	16
PID 2468 wrote to memory of 2100	2468	regsvr32.exe	16
PID 2468 wrote to memory of 2100	2468	regsvr32.exe	16
PID 2468 wrote to memory of 2100	2468	regsvr32.exe	16

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\6d58c229ed4fdb6bfff629fe35249020.dll
1⤵
PID:2100

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\6d58c229ed4fdb6bfff629fe35249020.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2468

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads